mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2024-12-12 22:36:32 +01:00
A modern client implementation of the DNSCrypt protocol.
dnscrypt-proxy 2.0.0alpha10 is available for download!
Installation
Initial configuration
- Modify the `dnscrypt-proxy.toml` configuration file according to your needs.
- Make sure that nothing else is already listening to port 53 on your system and run (in a console with elevated privileges on Windows) the `dnscrypt-proxy` application. Change your DNS settings to the configured IP address and check that everything works as expected. A DNS query for `resolver.00f.net` should return one of the chosen DNS servers instead of your ISP's resolver.
- Register as a system service (see below).
Installation as a system service (Windows, Linux, MacOS)
Type `dnscrypt-proxy -service install` to register dnscrypt-proxy as a system service, and `dnscrypt-proxy -service start` to start it.
Done. It will automatically start at boot.
This setup procedure is compatible with Windows, Linux (systemd, Upstart, SysV), and macOS (launchd).
Other commands include `stop`, `restart` (useful after a configuration change) and `uninstall`.
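The setup steps above can be scripted with a preflight check and a verification query. This is an added example, not part of the dnscrypt-proxy project; it assumes a Linux host with `ss` (iproute2) and `dig` installed and a proxy configured to listen on 127.0.0.1:53, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not dnscrypt-proxy project code. Assumes Linux with `ss`
# (iproute2) and `dig`, and a proxy configured to listen on 127.0.0.1:53.
LISTEN_ADDR="${LISTEN_ADDR:-127.0.0.1}"   # assumption: address set in dnscrypt-proxy.toml

# Constructed sample of `ss -H -lntup` output, used for the offline demo.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 4096 [::]:53 [::]:*'

# Read `ss -H -lntup` output on stdin and print "proto local-address process"
# for each socket bound to port 53 (field 5 is Local Address:Port).
listeners_on_53() {
    awk '$5 ~ /:53$/ { print $1, $5, ($7 == "" ? "-" : $7) }'
}

# Step 2 precondition: succeed only if nothing is bound to port 53 yet.
port_53_is_free() {
    busy=$(ss -H -lntup 2>/dev/null | listeners_on_53)
    [ -z "$busy" ] && return 0
    printf 'port 53 is already in use:\n%s\n' "$busy" >&2
    return 1
}

# Ask the proxy itself (not the system resolver) for the README's test name.
check_resolver() {
    answer=$(dig +short +time=3 +tries=1 resolver.00f.net "@$LISTEN_ADDR") || return 1
    [ -n "$answer" ] || return 1
    printf 'resolver.00f.net -> %s\n' "$answer"
}

# Preflight, register and start the service, then verify resolution.
setup() {
    port_53_is_free || return 1
    dnscrypt-proxy -service install || return 1
    dnscrypt-proxy -service start || return 1
    sleep 2   # give the service a moment to open its sockets
    check_resolver
}

case "${1:-}" in
    run) setup ;;                                         # needs root
    *)   printf '%s\n' "$SAMPLE_SS" | listeners_on_53 ;;  # offline demo
esac
```

Run with the `run` argument from a privileged shell to perform the real setup; without arguments the script only parses the constructed sample. Compare the printed answer against the servers chosen in `dnscrypt-proxy.toml`.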
Current status/features
The current 2.0.0 alpha version includes all the major features from dnscrypt-proxy 1.9.5 (support for dnscrypt v2, synthetic IPv6 responses, logging, blocking, forwarding and caching), with improved reliability, flexibility, usability and performance.
Features | dnscrypt-proxy 1.x | dnscrypt-proxy 2.x |
---|---|---|
Status | Old PoC, barely maintained any more | Very new, but quickly evolving |
Code quality | Big ugly mess | Readable, easy to work on |
Reliability | Poor, due to completely broken handling of edge cases | Excellent |
Security | Written in C, bundles patched versions from old branches of system libraries | Written in standard and portable Go |
Dependencies | Specific versions of dnscrypt-proxy, libldns and libtool | None |
Upstream connections using TCP | Catastrophic, requires client retries | Implemented as anyone would expect, works well with TOR |
XChaCha20 support | Only if compiled with recent versions of libsodium | Yes, always available |
Support of links with small MTU | Unreliable due to completely broken padding | Reliable, properly implemented |
Support for multiple servers | Nonexistent | Yes, with automatic failover and load-balancing |
Custom additions | C API, requires libldns for sanity | Simple Go structures using miekg/dns |
AAAA blocking for IPv4-only networks | Yes | Yes |
DNS caching | Yes, with ugly hacks for DNSSEC support | Yes, without ugly hacks |
EDNS support | Broken with custom records | Yes |
Asynchronous filters | Lol, no, filters block everything | Of course, thanks to Go |
Session-local storage for extensions | Impossible | Yes |
Multicore support | Nonexistent | Yes, thanks to Go |
Efficient padding of queries | Couldn't be any worse | Yes |
Multiple local sockets | Impossible | Of course. IPv4, IPv6, as many as you like |
Automatically picks the fastest servers | Lol, it supports only one at a time, anyway | Yes, out of the box |
Official, always up-to-date pre-built libraries | None | Yes, for many platforms. See below. |
Automatically downloads and verifies servers lists | No. Requires custom scripts, cron jobs and dependencies (minisign) | Yes, built-in, including signature verification |
Advanced expressions in blacklists (ads*.example[0-9]*.com) | No | Yes |
Forwarding with load balancing | No | Yes |
Built-in system installer | Only on Windows | Install/uninstall/start/stop/restart as a service on Windows, Linux/(systemd,Upstart,SysV), and macOS/launchd |
Planned features
- New super simple (to copy&paste), extensible format for servers parameters: "stamps"
- Offline responses
- Local DNSSEC validation
- Flexible logging
- Windows support that doesn't suck
- DNS-over-HTTPS (DoH), the successor to DNS-over-TLS
- Support for the V1 plugin API
- Some real documentation
Pre-built binaries
Up-to-date, pre-built binaries are available for:
- Dragonfly BSD
- FreeBSD/x86
- FreeBSD/x86_64
- Linux/arm
- Linux/arm64
- Linux/mips
- Linux/mips64
- Linux/mips64le
- Linux/x86
- Linux/x86_64
- MacOS X
- NetBSD/x86
- NetBSD/x86_64
- OpenBSD/x86
- OpenBSD/x86_64
- Windows
- Windows 64 bit